CSO Online

A group of hackers from North Korea (DPRK), recently connected to the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878), has expanded its operations in both scope and sophistication, FireEye says.

With a tool-set that includes zero-day vulnerabilities and destructive malware, and a lack of concern when it comes to breaking norms and exacerbating heightened tensions in Northeast Asia, the group should be taken seriously.

"We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests," FireEye explained in a new brief on the group, dubbed APT37 (Reaper).

Everyone, from activists and journalists to CEOs and politicians, walks around with a computer in their pocket, sometimes calling it a phone. But unlike a laptop or a desktop, you don't really own or control the computer in your pocket. This week on Salted Hash, we talk about mobile privacy and security with the founder of The Guardian Project, Nathan Freitas.

Nathan Freitas has a long history of fascination with the portable computers we call phones. He's worked with activists and human rights supporters for years, helping them to organize and stay in touch. In 2004, he left the mainstream technology industry and started working on tools and technology for activists. In 2009, his work resulted in the creation of the open source project aptly named the Guardian Project, which is where we are today.

[Note: After a story about "Cybersecurity PTSD" was published on February 6 to CSO Online, Salted Hash received a number of comments related to it. Magen Wu has written a rebuttal to that article, which Salted Hash has agreed to host. The words that follow are her own, and reflect her views and opinions. -Steve Ragan, Salted Hash.]

On February 6, an article was published on CSO Online that attempted to detail a previously unheard-of phenomenon called “Cybersecurity PTSD”. At no point in the article is this term defined, nor its symptoms discussed.

Welcome to another episode of Salted Hash. This week, Salted Hash is joined by our new Staff Writer, J.M. Porup, to talk about some recent developments related to Spectre and Meltdown, including patch fixes, future mitigations, and a curious (false) rumor about malware leveraging the three flaws.

The melted Spectre of a Meltdown:

Just as people were returning to work after the holiday, word started to spread about vulnerabilities named Spectre and Meltdown. Salted Hash was one of the first to report on the issues, which you can see here. To briefly recap: